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(57) Abstract: The present invention relates to a semi-private security method and system that enables certain individuals (12) to 
access a person or provider's personal resource or endpoint (10) without the need far a shared password. The invention prevents the 
general public or those not having specific knowledge of the provider (10) from accessing the personal resource. The access to the 
resource is controlled through an identifier that relates to and can be understood from attributes or clues that only certain individuals 
(12) would have knowledge about 
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METHOD OF CONTROLLING ACCESS TO PERSONAL RESOURCES 

This non-provisional application is based on the provisional patent application 
Serial No. 60/194,254, entitled Consumer XML Message Processing Platform, filed on 
April3,2000. 

5 Gross reference is made to a related invention disclosed in U.S. patent 

application entitled Individual XML Message Processing Platform, filed concurrently, 
tiie subj ect matter of which is owned by the present applicants and the teachings of 
which are incorporated herein by reference. 

Cross reference is also made to a related invention disclosed in Ui>. patent 

1 0 application entitled Method and System for Content Driven Electronic Messaging, filed 
concurrently, the subject matter of which is owned by the present applicants and the 
teachings of which are incorporated herein by reference. 

Background Of The Invention 

The present invention pertains to a method of semi-private security. More 
1 5 particularly, the present invention pertains to a method for restricting general access to 
an individual (or that individual's endpoints) or restricting general access to a web site, 
while allowing access to certain individuals having particular knowledge about the 
individuals the web site. The present invention can be applied to any method or 
system of communication whereby all unsolicited communications are screened from 
20 the person. 

Whether it is in a work environment or for personal use, users of the Internet 
wish to share their resources such as personal web pages, contact information, and 
configuration information with third parties also using the Internet These third parties 
include friends, family, and business colleagues. However, for obvious reasons, users 
25 do not want to share this information with the many other users that are accessing the 
Internet Moreover, most Internet users that receive electronic mail or e-mail do not 
want to receive unsolicited electronic messages, otherwise known as spam. likewise, 
web site owners are willing to share documents or files associated with their web site, 
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and to share this information on a limited basis, while having some sort of security 
mechanism that will prevent the general public from accessing the same information. 

Currently, the prior art provides only a few widely known techniques for 
facilitating a shared-file or shared-document environment One of them is a type of 

5 multi-user software sold by Xerox as their Global View software product, which 

provides a concept of shared file drawers. Access to the drawers is either limited to a 
read-only basis or is limited to those users who have been given an icon to enter the 
drawer* A systems administrator is in charge of the icon distribution. A similar system, 
offered by Novell, provides a concept of a shared network drive where access is 

10 available to every file in the drive. The systems administrator controls access to the 
drive. A system that is applicable to web site applications, shares files or documents 
through hypertext or other links to a home page. These applications provide the 
necessary security, or access to some or all of the documents or files pertaining to that 
web site, by utilizing a password, which may be controlled by a web master. 

15 Another method of controlling access to a particular resource involves 

cryptographic authentication algorithms that rely on public and private keys to 
authenticate access to the resource. One of downsides of the cryptographic 
authentication algorithm approach is that the keys need to be generated and then 
distributed to the individuals that need access to the information. 

20 For example, if a web site is protected in such a manner, the user would have to 

distribute the keys to potentially hundreds of friends, family members and business 
associates to whom the user would like to invite access. likewise, if all of these 
friends, family members and business associates had their own web sites that were also 
protected, they too would have to distribute similar keys to allow access to their 

25 information. Obviously, this type of distribution can be inefficient and problematic. As 
a result, most web sites are not protected from access by using security measures. 

It can be appreciated that there exists a need for a shared data environment, 
which overcomes the above-mentioned drawbacks. 
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Snmmarv Of The Invention 

The present invention allows for protection of all types of user communication 
resources but enminates the need for knowledge of a particular password or key that 
typically allows limited access or full entry to the resources. It is therefore primary 
5 aspect of the present invention to provide a method of controlling access to at least one 
personal resource of a provider, which is being requested. 

The provider establishes an identifier or password and certain attributes or 
questions mat relate to mat identifier, which are commonly known only by a select 
group of requesters. The provider men stores the identifier and the attributes to which 
10 the identifier is to be applied. Upon receiving a request to access the provider's 

personal resource, the requester is asked to provide the identifier based on the attributes 
related to mat identifier. If the correct identifier is transmitted, the requester can gain 
entry to the personal resource. 

It is another aspect of the invention that if an incorrect identifier is transmitted, a 

15 second attribute or question is displayed. The second attribute may include a suggestion 

or clue related to the identifier, along with a second demand for the password. If the 
requester transmits the correct identifier after the second attribute is displayed, the 
requester can gain access to the provider's personal resources but at a different access 
level. 

20 Another aspect of the invention is to generate a third attribute if the second 

demand for the password is responded to incorrectly. A correct response to the third 
attribute allows even further restricted access. Many levels can be created as long as 
there are further attributes or clues generated. 

Another aspect of the invention is to generate an allowance message that 
25 indicates to the requester that the identifier has been successfully matched and that 
access to the provider devices will be provided. 

Another aspect of the invention to provide a security system for use in a 
personal resource that is one of devices selected from the group consisting of a wired 
telephone, pager, wireless telephone, fcrcsimile machine, personal digital assistant, 
30 personal web portal, email address, individual data file, and an Internet resource. 
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Detailed Description Of The Drawings 

Figure 1 is a block diagram representing the relationship among objects within 
the shared environment of the present invention; 

Figures 2 through 4 represent a flow chart of tile method of operation of the 
present invention; 

Figure 5 is an example of a first input demand dialogue box through which a 
requester may enter die resources of the provider; and 

Figure 6 is an example of a second input demand dialogue box through which a 
requester is provided a suggestive clue to assist entering the resources of the provider. 

Detailed Description Of A Preferred Embodiment 

Turning now to the drawing figures, the security system of the present invention 
will be explained in greater detail In order to understand the scope of the present 
invention, attention is first directed to Figure 1 , which shows a block diagram 
representing the present invention. The provider, or the individual, corporation or party 
attempting to create and use a semi-private security system, may have a plurality of 
different personal resources or endpoints 10, for which protection is needed from others 
(requesters) attempting to contact the provider. These requesters can be family ; 
members, friends, business associates or unknown individuals. These personal 
resources or endpoints 10 may include, among others, facsimile machines, pagers, 
wired telephones, wireless telephones, personal digital assistants, personal web portals, 
email addresses, individual data files, or Internet resources. 

It can be appreciated that with the present invention, a requester who might 
happen tobea telephone solicitor, may be prevented from gaining automatic access to 
the provider through the home telephone of the provider. 

Similarly, it should be understood that a requester may be attempting to 
communicate with the provider through one of the same type of devices or endpoints 12 
that the provider is trying to protect from access, as described above. The specific type 
of device 12 with which the requester is attempting to reach the provider, will control 
the mechanism that is used for either denying or allowing access to the provider. 
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Figures 2 through 4 show a flow chart for either denying or allowing the 
requester to access the provider. To protect his personal resources, the provider begins 
the process by first creating an identifier or password 40. This is done by selecting key 
value(s) that are generally known to a desired requester, but not known by the general 
public. For example, the provider may use the name of his dog as the identifier. The 
identifier becomes associated with each endpoint 10, and requires a prompt to be 
correctly entered prior to access being given to the requester to access me provider's 
personal resources. 

The identifier 40 is stored 44 in a data storage device 14, which is linked to a 
processor 16. The processor 16 can be of several platforms, like a web server, a 
personal computer that is connected to a modem and phone line, or to a plattbrm su^ 
as that available through an XML Messaging platform of which Centerpost is an 
example, and which is described in patent apphcations entitled Individual XML 
Message Processing Platform and Method And System For Content Driven Electronic 
Messaging, both applications tiled corjairrentry herewith, and are incorporated herein 
by reference. When a requester is using a device like his email address to reach the ;• 
provider, he would send an email message to the provider. The email message is 
received by the processor 16 as an input request signal 50.. With any input request 
signal 50, the processor wfll generate a first response signal or attribute 60 which is 
transmitted back to me requester at 
to the provider, m this case, his emafl address. 

The first response signal 60 may comprise two parts, the first part 62 being an 
input demand that requires the requester to enter the provider's identifier 40 that has 
been stored in the data storage device 14. The second part 64 of the first response 
signal may be a message signal that indicates whether the identifier entered by the 
requester matched the identifier in storage 44. 

Although there are many different ways in which to effect the request aspect of 
the present invention, Figure 5 illustrates one of the methods. The first response signal 
60 has a message signal 64 which appears on the screen of the device 12 of the 
requester (in this case the computer screen displaying his email account) requesting him 



WO 01/75604 



PCT/US01/10715 



to input an identifier. The response signal may, among other things, contain three keys 
to which the requestor can alter a response. 

The first key 63 is the Quit key and depression of this key will automatically 
disconnect the requester from the connection to the processor and end the request to 
access. The second key 65 is the Clear key and it is provided to allow a requester to 
clear an identifier input if he misspells it or if he feels he mistakenly entered the wrong 
identifier. Use of key 65 does not break the connection with the processor. The last 
key is the Enter key 67 that is used after the requester enters his identifier choice into 
the input area 69. Once key 67 is depressed, the input demand of the first response 
signal is transmitted to the device 12 of the requester. If the requester transmits the 
proper key value (identifier), which matches the identifier 40, then authentication is 
established and access is granted. 

A message 71 is generated and transmitted to die requester, indicating that the 
identifier has been successfully matched. At that point, the processor establishes access 
90 to the provider device 1 0 and then communication can take place between the 
requester and the provider. 

If the requester enters an incorrect identifier 40, then a message 68 is generated 
and transmitted to the requester, indicating that a match was not maid and that access 
will be denied. A second input request signal 70 can then be generated and transmitted 
to die requester through device 12. The second response signal 70 would also comprise 
two parts, file first part 72 being a second input demand requiring the requester to again 
enter an identifier 40 in an attempt to match the provider's identifier. The second 
response signal 70 is shown in Figure 6. The second response signal also is provided 
with the same keys 63, 65 and 67 as the keys of the first response signal, although there 
are many different ways this can be accomplished. 

The second part 74 ofthe second input request signal 70 is a message signal that 
provides the requester with a suggestive clue relating to the identifier 40. The input 
demand might be a response to a simple question that has to be correctly answered. For 
example, the second input demand or attribute might be related to something personal 
pertaining to the provider. For instance the question might be "What is my dog's 



WO 01/75604 



PCT/US01/10715 



name?" and the key value would be "Spot", the name of the provider's dog. Thus, the 
key value is the identifier. If the proper identifier 40 is entered in response to the 
second input demand or attribute, then authentication is established and access is 
granted. 

The message 76 is then generated and transmitted to the requester, indicating 
that the identifier has been successfully matched. At that point, the processor 16 
establishes access 90 to the provider device 10 and men communication can take place - 
between the requester and the provider. 

If the identifier mat was entered upon the second input demand does not match 
the identifier 40, then an additional message 78 is generated and transmitted to the 
requester, indicating mat a match was not maid and mat access wffl be denied. Of 
course, it is possible to add an additional level or levels of suggestive clues related to 
the same identifier to help a requester correctly match the indicator. 

Further, different levels of access to the personal resource can be set up and then 
accessible depending on how many attributes must be shown to the requester before the 
correct identifier is transmitted. For example, if a requester enters a correct identifier on 
the first try, then the requester may obtain access to a certain level of the provider's 
personal resource 10, Le^ a particular web page or a telephone call mat rings through to 
the provider. If a correct identifier is entered only after two attributes or questions are 
transmitted, the requester may only obtain access to a lower level of the resource 10, 
Le^ a lower-level web page (with no access to the higher level pages), or the provider's 
voice-mail (instead of actually reaching the provider). 

The present invention obviates the need for a key to be distributed since the 
identifier is not a randomly generated and shared password. Rather, the identifier can 
relate to a personal fact or an event that certain knowledgeable individuals would know 
and thus be allowed access to the personal resource. 

In another example, the security platform of the present invention enables a 
requester to send a message to one of the provider's endpoints 10 using the security 
method described above. However, the message would not go directly to the 
subscriber's intended endpoint, but instead, if the requester knew the identifier/based 
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on the attribute, the message would be delivered to the provider at the endpoint that the 
provider selected. 

In this embodiment, the provider may want anyone who knows the identifier 
based on the attribute to be able to reach the provider at his home telephone. Thus if a 
5 requester called the provider at work, and received an attribute or question that he could 
answer, the requester would be transferred to the provider's home phone, whereas a 
requester that could not provide the correct identifier would have to leave a message on 
the provider's work voice-mail. "~ 

In this example, instead of the input screens shown in Figures 5 and 6, the 
10 requester would input the identifier through the alphamimerical key pad on the 

telephone, as is common practice with many messaging systems known today. The use 
of the pound sign could be used as the step necessary to initiate the transmission of the 
identifier. 

While the invention has been described with reference to a particular 
15 embodiment, those of skill in the art will recognize modifications to structure and 

methods that still fall within the scope of the invention and which is described in the 
following claims. 
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WE CLAIM: 

1. An apparatus for providing security for at least one personal resource of 
a provider, comprising: 

at least one provider personal resource capable of receiving a request signal 
from arequester, said requester requesting access to the at least one 
personal resource of flie provider; 

a memory device for storing an identifier and at least one attribute, said attribute 
being related to said identifier, wherein the attribute is generated and 
transmitted to said requester upon receiving said request signal; and 

a processor used in association with the personal resource, said processor 

capable of receiving a transmission from said requester and comparing 
said transmission to said identifier. 

2. The apparatus of claim 1, wherein said processor allows access to said at 
least one personal resource upon receiving a transmission from said requester that is the 
same as said identifier. 

3. The apparatus of claim 2, wherein upon receiving a transmission from 
said requester that is not the same as the identifier, the processor transmits a second 
attribute to said requester. 

4. The apparatus of claim 3, wherein said requester sends said transmission 
via a communication device, the communication device selected from the group 
consisting of a wired telephone, pager, wireless telephone, facsimile machine, email 
address, personal digital assistant, web site. 

5 . The apparatus of claim 4, wherein die personal resource is one of 
resources selected from the group consisting of a wired telephone, pager, wireless 
telephone, facsimile machine, email address, personal digital assistant, web site. 

6. The apparatus of claim 2, wherein the first response signal comprises an 
input demand and response, said input demand requiring the requester to provide an 
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identifier of the provider, the response being a signal indicating one of approval or 
disapproval to access the personal resource of the provider. 

7. A method of controlling access to at least one personal resource of a 
provider that is being requested access thereto by a requester, comprising: 

prompting the provider to establish an identifier, the identifier having a personal 

attribute that is commonly known only by a select group of requesters; 
storing the identifier and associating at least one personal resource to which the 

identifier is to be applied; 
receiving an input request signal from a requester to access the at least one 

personal resource of the provider; 
generating a first response signal which informs die requester of one of approval 

and disapproval for access to the personal resource of the provider. 

8. The method of claim 7, wherein the first response signal is comprised of 
an input demand and response, the input demand requiring fhe requester to provide an 
identifier of the provider, the response being a signal indicating one of approval and 
disapproval to access. 

9. The method of claim 8, further comprising generating a second response 
signal if Ate input demand ofthe first response signal is a non-match, the second 
response signal comprising a suggestive clue related to the identifier ofthe provider and 
a second input demand to provide the identifier of the provider based upon the attribute. 

10. The method of claim 9, further comprising generating a third response 
signal if the second input demand of the second response signal is a disapproval, the 
third response signal comprising a denial of access to the personal resource ofthe 
provider. 

11. The method of claim 10, further comprising generating an approval 
message that indicates to the requester that the identifier has been successfully matched 
and that access to the provider devices will be provided. 

-10- 
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12. The method of claim 8, wherein the input request signal is transmitted 
through a communication device, the communication device selected from the group 
consisting of a wired telephone, pager, wireless telephone, facsimile machine, email 
address, personal digital assistant, web site. 

13. The method of claim 9, wherein the personal resource of the provider is a 
communication device selected from the group consisting of a wired telephone, pager, 
wireless telephone, facsimile machine, email address, personal digital assistant, web 
site. 
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FIGURE 2 
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